If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

SetupBuilder and Code-Signing

Table of Contents
Part I Introduction
Part II FAQ
Part III Buying A Certificate - The Lindersoft "Deal"
Part IV Getting the Tools
Part V Setting Up SetupBuilder
Part VI Code-Signing Your Installer
Part VII Code-Signing Your Application Files

Note: CAPICOM.dll has been removed from the Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1.

As of late August 2013, all valid (not expired, not revoked) Comodo Code Signing Certificates can be used for Kernel-Mode Code Signing (Windows Vista and greater).

Microsoft has published a security advisory on "Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program". The new policy takes effect after January 1, 2016 and requires CAs to migrate to the stronger SHA-2 hashing algorithm.

In summary, Windows will cease accepting SHA-1 certificates on January 1, 2017. To continue to work with Microsoft platforms, all SHA-1 SSL certificates issued before or after this announcement must be replaced with a SHA-256 (SHA-2) equivalent by January 1, 2017. Organizations need to develop a migration plan for any SHA-1 end-entity SSL certificates that expire after January 1, 2017 and SHA-1 code signing certificates that expire after January 1, 2016. SHA1 code signing certificates that are time stamped before 1 January 2016 will be accepted until such time when Microsoft decides SHA1 is vulnerable to pre-image attack. Microsoft will give new consideration to the SHA deprecation deadlines in July 2015.

1. Customers should "renew" with SHA-2 end-entity and intermediate certificates.

Before the SHA-1 algorithm is formally deprecated by Microsoft, it is important to ensure your organization and those relying on your infrastructure are benefiting from SHA-2 support by installing the latest version of the application or browser and applying all known security updates to your operating system.

Comodo will support only SHA-2 on all 3 year code signing certificates. They will also confirm policies at this time regarding 2 year SHA-1 code signing certificates.